CVE-2025-0994

Trimble Cityworks contains a deserialization vulnerability. This could allow an authenticated user to perform a remote code execution attack against a customer's Microsoft Internet Information Services (IIS) web server. Vendor/Product: Trimble Cityworks. Added to CISA KEV 2025-02-07; required action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.